'Microsoft Flight Simulator X update: New expansion installs a 'Chrome Password Dump'

Kate Louis Matriano

A screenshot of the Steam version of the game "Microsoft Flight Simulator X" which was developed by Microsoft Game Studios for Microsoft Windows. Flight Sim Labs (FS Labs) recently launched an expansion for the game which includes a file named "test.exe" which sparked criticism after Reddit users noticed that it extracts usernames and passwords from Google's Chrome browser and sends them back to FS Labs.Steam/ Microsoft Flight Simulator X: Steam Edition

Flight Sim Labs (FS Labs) launched an expansion for "Microsoft Flight Simulator X" that includes an installation of a "Chrome Password Dump" in a file named "test.exe" which sparked criticisms after Reddit users noticed that it extracts usernames and passwords from Google's Chrome browser and sends them back to FS Labs.

According to the Reddit thread titled "Flight Simulator expansion installed password-stealing malware as DRM," the A320-X expansion includes the password-stealing malware. Many "Microsoft Flight Simulator X" gamers were alarmed and a discussion on how far companies should go with Digital Rights Management (DRM).

In response to the ruckus, FS Labs founder Lefteris Kalamaras made three points clear in the company's forums. First, he said that there are no tools used to reveal sensitive information of customers who have legitimately purchased the game. Second, there is a specific method used against pirated serial numbers that are circulating on ThePirateBay, RuTracker and other sites. And third, if a player uses a pirated serial number and the installer had verified that the serial number is indeed pirated, the installer will verify FS Labs. Moreover, he said that "test.exe" only targets pirated copies of the game and will only be detected if the expansion is used with a pirated serial number (not blacklisted numbers).

Fidus Information Security, a cybersecurity firm, confirmed that the "test.exe" file is only called once a pirated serial number is used. However, Fidus also pointed out serious issues with FS Labs' "test.exe" — the legality of the actions once the malware is triggered, the reason for why data is being sent over HTTP and only being encoded with B64 and the security of the stored data seeing as the server running the log collection domain also has Remote Desktop Protocol (RDP) open to the internet. Fidus said that DRM is important alongside fighting digital piracy, FS Labs' DRM technique poses the question on how ethical companies are being in the process of implementing DRMs alongside its possible legal and information security implications.

Most Read

  1. iran

    How the Bible is growing the faith of Iranian refugees

  2. church-of-england

    What happens to church property if evangelical congregations leave the Church of England?

  3. paris

    Special edition New Testament to be handed out during Olympics

  4. books

    Four misunderstood works of classic literature with deep Christian meaning that are great for book clubs

  5. orchestra

    The Bible at the Proms

  6. climate-change

    Life After Doom

More News

  1. orchestra

    The Bible at the Proms

  2. politics

    Let's not retreat into our own political camps

  3. iran

    How the Bible is growing the faith of Iranian refugees

  4. church-of-england

    What happens to church property if evangelical congregations leave the Church of England?

  5. afghanistan

    Why your new MP needs to know about religious persecution and what you can do to help

  6. bible-study

    Church leaders write to Keir Starmer about fears of conversion therapy ban